Revisions of nodejs8

Adam Majer (adamm) committed (revision 185)
fix typo in changes
Adam Majer (adamm) committed (revision 184)
  (bsc#1198247, CVE-2021-44906)
- CVE-2021-44907.patch: fix insufficient sanitization in npm dependency
  (bsc#1197283, CVE-2021-44907)
- CVE-2022-0235.patch: fix passing of cookie data and sensitive headers
  to different hostnames in node-fetch-npm (bsc#1194819, CVE-2022-0235)
Adam Majer (adamm) committed (revision 183)
- CVE-2021-44906.patch: fix prototype pollution in npm dependency
Adam Majer (adamm) committed (revision 182)
- CVE-2021-44906.patch: fix prototype pollution in npm dependency
Adam Majer (adamm) committed (revision 181)
- fix_ci_tests.patch: fix zlib tests for z15
Adam Majer (adamm) committed (revision 180)
- npm-v6.14.16.tar.gz: update to npm 6.14.16 fixing
  * CVE-2021-23343 - ReDoS via splitDeviceRe, splitTailRe and
    splitPathRe (bsc#1192153)
  * CVE-2021-23343 - node-tar: Insufficient symlink protection
    allowing arbitrary file creation and overwrite (bsc#1191963)
  * CVE-2021-32804 - node-tar: Insufficient absolute path sanitization
    allowing arbitrary file creation and overwrite (bsc#1191962)
  * CVE-2021-3918 - json-schema is vulnerable to Improperly
    Controlled Modification of Object Prototype Attributes (bsc#1192696)
- CVE-2021-3807.patch: node-ansi-regex: Regular expression
  denial of service (ReDoS) matching ANSI escape codes
  (bsc#1192154, CVE-2021-3807)
- test_ssl_cert_fixups.patch: fixup SSL certificates in unit tests
Adam Majer (adamm) committed (revision 179)
- CVE-2021-22930.patch: http2: fixes use after free on close
  in stream canceling (bsc#1188917, CVE-2021-22930)
Adam Majer (adamm) committed (revision 178)
Adam Majer (adamm) committed (revision 177)
- CVE-2020-8265.patch: Add a unit test for CVE-2020-8265 to make
  sure we don't have it broken in the future.
Adam Majer (adamm) committed (revision 176)
Adam Majer (adamm) committed (revision 175)
- npm-v6.14.13.tar.gz: update to npm 6.14.13 fixing
  * fixes ssri Regular Expression Denial of Service and
    hosted-git-info Regular Expression Denial of Service
    (bsc#1187976, bsc#1187977, CVE-2021-27290, CVE-2021-23362)
  * fixes y18n Prototype Pollution (bsc#1184450, CVE-2020-7774)
  
- CVE-2020-15095.patch, minimist.patch: obsoleted by above
Adam Majer (adamm) committed (revision 174)
Adam Majer (adamm) committed (revision 173)
Adam Majer (adamm) committed (revision 172)
- CVE-2021-22884.patch: DNS rebinding in --inspect
  (CVE-2021-22884, bsc#1182620)
- CVE-2021-22883.patch: only backport unit test to make sure
  we don't have regression here in the future.
Adam Majer (adamm) committed (revision 171)
- CVE-2020-8287.patch: HTTP Request Smuggling allow two copies of a
  header field in a http request. For example, two Transfer-Encoding
  header fields. In this case Node.js identifies the first header
  field and ignores the second. This can lead to HTTP Request
  Smuggling (https://cwe.mitre.org/data/definitions/444.html).
  (bsc#1180554, CVE-2020-8287)
Adam Majer (adamm) committed (revision 170)
- Update Requires: so -devel requires npm
- Rely on rpmbuild to define necessary python dependencies
Adam Majer (adamm) committed (revision 169)
- fix_ci_tests.patch: add support to SUSE's ECDH backport errors
  in SLE's openssl
Adam Majer (adamm) committed (revision 168)
Adam Majer (adamm) committed (revision 167)
- CVE-2020-15095.patch: fix information leak through log files
  (bsc#1173937, CVE-2020-15095)

- avoid rpmbuild warnings on if/else/endif constructs
Adam Majer (adamm) committed (revision 166)
Displaying revisions 1 - 20 of 185